In this post we will learn/test how the dynamic VLAN assignment works.

Basic Info:

Dynamic VLAN assignment: It pushes a wireless user into a specific VLAN based on his identity. This task of assigning users to a specific VLAN is handled by a RADIUS authentication server (i.e. ACS).

It’s a type of identity networking. It allows us to have single SSID, but allows specific users to use different VLAN attributes based on the user credentials.

This task of assigning users to a specific VLAN is handled by a RADIUS authentication server (ACS 5.2 in my case). This can be used, for example, to allow the wireless host to remain on the same VLAN as it moves within a campus network.

As a result, when a client attempts to associate to a LAP registered with a controller, the LAP passes the credentials of the user to the RADIUS server for validation. Once the authentication is successful, the RADIUS server passes (IETF) attributes to the user. These RADIUS attributes decide the VLAN ID that should be assigned to the wireless client.

***In my post I am using a single SSID

My Topology:

Let’s take an Example:

We will create a SSID “XYZ” and assign a non-routed VLAN (99) or management VLAN to it.

Now we have Groups of employees in our company “Production, Admin and Sales”.

VLANs as per Roles.(Production – 13, Admin – 14, Sales – 17 )

Steps to Configuration:

Configure WLC

Configure ACS server

Verification

Configure WLC

We must configure the WLC so it can communicate with the RADIUS server in order to authenticate the clients.

We can customize under what conditions we will allow user access to the network and what authorization profile (attributes) we will pass once authenticated. In this post, we selected Location, SSID, Device Type, and Identity Group.